// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`User Identity Unit Tests Defaults - Nested 1`] = ` { "Resources": { "DefaultsNestedIdentityPool73A8A64B": { "DependsOn": [ "DefaultsNestedUserPool567C619B", "DefaultsNestedUserPoolsmsRole9E53925E", "DefaultsNestedUserPoolWebClient15C5E297", ], "Properties": { "AllowUnauthenticatedIdentities": false, "CognitoIdentityProviders": [ { "ClientId": { "Ref": "DefaultsNestedUserPoolWebClient15C5E297", }, "ProviderName": { "Fn::Join": [ "", [ "cognito-idp.", { "Ref": "AWS::Region", }, ".", { "Ref": "AWS::URLSuffix", }, "/", { "Ref": "DefaultsNestedUserPool567C619B", }, ], ], }, "ServerSideTokenCheck": true, }, ], }, "Type": "AWS::Cognito::IdentityPool", }, "DefaultsNestedIdentityPoolAuthenticatedRoleA6E986E9": { "DependsOn": [ "DefaultsNestedUserPool567C619B", "DefaultsNestedUserPoolsmsRole9E53925E", "DefaultsNestedUserPoolWebClient15C5E297", ], "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "authenticated", }, "StringEquals": { "cognito-identity.amazonaws.com:aud": { "Ref": "DefaultsNestedIdentityPool73A8A64B", }, }, }, "Effect": "Allow", "Principal": { "Federated": "cognito-identity.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": { "Fn::Join": [ "", [ "Default Authenticated Role for Identity Pool ", { "Fn::GetAtt": [ "DefaultsNestedIdentityPool73A8A64B", "Name", ], }, ], ], }, }, "Type": "AWS::IAM::Role", }, "DefaultsNestedIdentityPoolDefaultRoleAttachment5574AB70": { "DependsOn": [ "DefaultsNestedUserPool567C619B", "DefaultsNestedUserPoolsmsRole9E53925E", "DefaultsNestedUserPoolWebClient15C5E297", ], "Properties": { "IdentityPoolId": { "Ref": "DefaultsNestedIdentityPool73A8A64B", }, "Roles": { "authenticated": { "Fn::GetAtt": [ "DefaultsNestedIdentityPoolAuthenticatedRoleA6E986E9", "Arn", ], }, "unauthenticated": { "Fn::GetAtt": [ "DefaultsNestedIdentityPoolUnauthenticatedRole28BCB3F0", "Arn", ], }, }, }, "Type": "AWS::Cognito::IdentityPoolRoleAttachment", }, "DefaultsNestedIdentityPoolUnauthenticatedRole28BCB3F0": { "DependsOn": [ "DefaultsNestedUserPool567C619B", "DefaultsNestedUserPoolsmsRole9E53925E", "DefaultsNestedUserPoolWebClient15C5E297", ], "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "unauthenticated", }, "StringEquals": { "cognito-identity.amazonaws.com:aud": { "Ref": "DefaultsNestedIdentityPool73A8A64B", }, }, }, "Effect": "Allow", "Principal": { "Federated": "cognito-identity.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": { "Fn::Join": [ "", [ "Default Unauthenticated Role for Identity Pool ", { "Fn::GetAtt": [ "DefaultsNestedIdentityPool73A8A64B", "Name", ], }, ], ], }, }, "Type": "AWS::IAM::Role", }, "DefaultsNestedUserPool567C619B": { "DeletionPolicy": "Retain", "Properties": { "AccountRecoverySetting": { "RecoveryMechanisms": [ { "Name": "verified_email", "Priority": 1, }, ], }, "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": true, }, "AliasAttributes": [ "email", ], "AutoVerifiedAttributes": [ "email", "phone_number", ], "DeletionProtection": "ACTIVE", "EmailVerificationMessage": "The verification code to your new account is {####}", "EmailVerificationSubject": "Verify your new account", "EnabledMfas": [ "SMS_MFA", "SOFTWARE_TOKEN_MFA", ], "MfaConfiguration": "ON", "Policies": { "PasswordPolicy": { "MinimumLength": 8, "RequireLowercase": true, "RequireNumbers": true, "RequireSymbols": true, "RequireUppercase": true, "TemporaryPasswordValidityDays": 3, }, }, "Schema": [ { "Mutable": true, "Name": "phone_number", "Required": false, }, { "Mutable": true, "Name": "email", "Required": true, }, { "Mutable": true, "Name": "given_name", "Required": true, }, { "Mutable": true, "Name": "family_name", "Required": true, }, ], "SmsConfiguration": { "ExternalId": "NestedStackDefaultsNestedUserPoolF08F152B", "SnsCallerArn": { "Fn::GetAtt": [ "DefaultsNestedUserPoolsmsRole9E53925E", "Arn", ], }, }, "SmsVerificationMessage": "The verification code to your new account is {####}", "UserAttributeUpdateSettings": { "AttributesRequireVerificationBeforeUpdate": [ "email", "phone_number", ], }, "UserPoolAddOns": { "AdvancedSecurityMode": "ENFORCED", }, "UsernameConfiguration": { "CaseSensitive": false, }, "VerificationMessageTemplate": { "DefaultEmailOption": "CONFIRM_WITH_CODE", "EmailMessage": "The verification code to your new account is {####}", "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}", }, }, "Type": "AWS::Cognito::UserPool", "UpdateReplacePolicy": "Retain", }, "DefaultsNestedUserPoolWebClient15C5E297": { "Properties": { "AllowedOAuthFlows": [ "implicit", "code", ], "AllowedOAuthFlowsUserPoolClient": true, "AllowedOAuthScopes": [ "profile", "phone", "email", "openid", "aws.cognito.signin.user.admin", ], "CallbackURLs": [ "https://example.com", ], "ExplicitAuthFlows": [ "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH", ], "SupportedIdentityProviders": [ "COGNITO", ], "UserPoolId": { "Ref": "DefaultsNestedUserPool567C619B", }, }, "Type": "AWS::Cognito::UserPoolClient", }, "DefaultsNestedUserPoolsmsRole9E53925E": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "NestedStackDefaultsNestedUserPoolF08F152B", }, }, "Effect": "Allow", "Principal": { "Service": "cognito-idp.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": "sns:Publish", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "sns-publish", }, ], }, "Type": "AWS::IAM::Role", }, }, } `; exports[`User Identity Unit Tests Defaults - using legacy props 1`] = ` { "Parameters": { "BootstrapVersion": { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": { "DefaultsLegacyPropsIdentityPool99521833": { "DependsOn": [ "DefaultsLegacyPropsUserPoolEF40D398", "DefaultsLegacyPropsUserPoolsmsRole885B2281", "DefaultsLegacyPropsUserPoolWebClient084DDFA3", ], "Properties": { "AllowUnauthenticatedIdentities": false, "CognitoIdentityProviders": [ { "ClientId": { "Ref": "DefaultsLegacyPropsUserPoolWebClient084DDFA3", }, "ProviderName": { "Fn::Join": [ "", [ "cognito-idp.", { "Ref": "AWS::Region", }, ".", { "Ref": "AWS::URLSuffix", }, "/", { "Ref": "DefaultsLegacyPropsUserPoolEF40D398", }, ], ], }, "ServerSideTokenCheck": true, }, ], }, "Type": "AWS::Cognito::IdentityPool", }, "DefaultsLegacyPropsIdentityPoolAuthenticatedRole13B826B9": { "DependsOn": [ "DefaultsLegacyPropsUserPoolEF40D398", "DefaultsLegacyPropsUserPoolsmsRole885B2281", "DefaultsLegacyPropsUserPoolWebClient084DDFA3", ], "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "authenticated", }, "StringEquals": { "cognito-identity.amazonaws.com:aud": { "Ref": "DefaultsLegacyPropsIdentityPool99521833", }, }, }, "Effect": "Allow", "Principal": { "Federated": "cognito-identity.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": { "Fn::Join": [ "", [ "Default Authenticated Role for Identity Pool ", { "Fn::GetAtt": [ "DefaultsLegacyPropsIdentityPool99521833", "Name", ], }, ], ], }, }, "Type": "AWS::IAM::Role", }, "DefaultsLegacyPropsIdentityPoolDefaultRoleAttachmentC29D2D43": { "DependsOn": [ "DefaultsLegacyPropsUserPoolEF40D398", "DefaultsLegacyPropsUserPoolsmsRole885B2281", "DefaultsLegacyPropsUserPoolWebClient084DDFA3", ], "Properties": { "IdentityPoolId": { "Ref": "DefaultsLegacyPropsIdentityPool99521833", }, "Roles": { "authenticated": { "Fn::GetAtt": [ "DefaultsLegacyPropsIdentityPoolAuthenticatedRole13B826B9", "Arn", ], }, "unauthenticated": { "Fn::GetAtt": [ "DefaultsLegacyPropsIdentityPoolUnauthenticatedRole933ECEDF", "Arn", ], }, }, }, "Type": "AWS::Cognito::IdentityPoolRoleAttachment", }, "DefaultsLegacyPropsIdentityPoolUnauthenticatedRole933ECEDF": { "DependsOn": [ "DefaultsLegacyPropsUserPoolEF40D398", "DefaultsLegacyPropsUserPoolsmsRole885B2281", "DefaultsLegacyPropsUserPoolWebClient084DDFA3", ], "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "unauthenticated", }, "StringEquals": { "cognito-identity.amazonaws.com:aud": { "Ref": "DefaultsLegacyPropsIdentityPool99521833", }, }, }, "Effect": "Allow", "Principal": { "Federated": "cognito-identity.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": { "Fn::Join": [ "", [ "Default Unauthenticated Role for Identity Pool ", { "Fn::GetAtt": [ "DefaultsLegacyPropsIdentityPool99521833", "Name", ], }, ], ], }, }, "Type": "AWS::IAM::Role", }, "DefaultsLegacyPropsUserPoolEF40D398": { "DeletionPolicy": "Retain", "Properties": { "AccountRecoverySetting": { "RecoveryMechanisms": [ { "Name": "verified_email", "Priority": 1, }, ], }, "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": true, }, "AutoVerifiedAttributes": [ "email", ], "DeletionProtection": "ACTIVE", "EmailVerificationMessage": "The verification code to your new account is {####}", "EmailVerificationSubject": "Verify your new account", "EnabledMfas": [ "SMS_MFA", ], "MfaConfiguration": "ON", "Policies": { "PasswordPolicy": { "MinimumLength": 8, "RequireLowercase": true, "RequireNumbers": true, "RequireSymbols": true, "RequireUppercase": true, "TemporaryPasswordValidityDays": 3, }, }, "SmsConfiguration": { "ExternalId": "DefaultsLegacyPropsUserPoolF2A9E2AD", "SnsCallerArn": { "Fn::GetAtt": [ "DefaultsLegacyPropsUserPoolsmsRole885B2281", "Arn", ], }, }, "SmsVerificationMessage": "The verification code to your new account is {####}", "UserPoolAddOns": { "AdvancedSecurityMode": "ENFORCED", }, "VerificationMessageTemplate": { "DefaultEmailOption": "CONFIRM_WITH_CODE", "EmailMessage": "The verification code to your new account is {####}", "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}", }, }, "Type": "AWS::Cognito::UserPool", "UpdateReplacePolicy": "Retain", }, "DefaultsLegacyPropsUserPoolWebClient084DDFA3": { "Properties": { "AllowedOAuthFlows": [ "implicit", "code", ], "AllowedOAuthFlowsUserPoolClient": true, "AllowedOAuthScopes": [ "profile", "phone", "email", "openid", "aws.cognito.signin.user.admin", ], "CallbackURLs": [ "https://example.com", ], "ExplicitAuthFlows": [ "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH", ], "SupportedIdentityProviders": [ "COGNITO", ], "UserPoolId": { "Ref": "DefaultsLegacyPropsUserPoolEF40D398", }, }, "Type": "AWS::Cognito::UserPoolClient", }, "DefaultsLegacyPropsUserPoolsmsRole885B2281": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "DefaultsLegacyPropsUserPoolF2A9E2AD", }, }, "Effect": "Allow", "Principal": { "Service": "cognito-idp.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": "sns:Publish", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "sns-publish", }, ], }, "Type": "AWS::IAM::Role", }, }, "Rules": { "CheckBootstrapVersion": { "Assertions": [ { "Assert": { "Fn::Not": [ { "Fn::Contains": [ [ "1", "2", "3", "4", "5", ], { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`User Identity Unit Tests Defaults 1`] = ` { "Parameters": { "BootstrapVersion": { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": { "DefaultsIdentityPoolAuthenticatedRole69EA113E": { "DependsOn": [ "DefaultsUserPool8771AC2E", "DefaultsUserPoolsmsRoleE0CA6B10", "DefaultsUserPoolWebClient89951652", ], "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "authenticated", }, "StringEquals": { "cognito-identity.amazonaws.com:aud": { "Ref": "DefaultsIdentityPoolBA85B5EA", }, }, }, "Effect": "Allow", "Principal": { "Federated": "cognito-identity.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": { "Fn::Join": [ "", [ "Default Authenticated Role for Identity Pool ", { "Fn::GetAtt": [ "DefaultsIdentityPoolBA85B5EA", "Name", ], }, ], ], }, }, "Type": "AWS::IAM::Role", }, "DefaultsIdentityPoolBA85B5EA": { "DependsOn": [ "DefaultsUserPool8771AC2E", "DefaultsUserPoolsmsRoleE0CA6B10", "DefaultsUserPoolWebClient89951652", ], "Properties": { "AllowUnauthenticatedIdentities": false, "CognitoIdentityProviders": [ { "ClientId": { "Ref": "DefaultsUserPoolWebClient89951652", }, "ProviderName": { "Fn::Join": [ "", [ "cognito-idp.", { "Ref": "AWS::Region", }, ".", { "Ref": "AWS::URLSuffix", }, "/", { "Ref": "DefaultsUserPool8771AC2E", }, ], ], }, "ServerSideTokenCheck": true, }, ], }, "Type": "AWS::Cognito::IdentityPool", }, "DefaultsIdentityPoolDefaultRoleAttachment961DF578": { "DependsOn": [ "DefaultsUserPool8771AC2E", "DefaultsUserPoolsmsRoleE0CA6B10", "DefaultsUserPoolWebClient89951652", ], "Properties": { "IdentityPoolId": { "Ref": "DefaultsIdentityPoolBA85B5EA", }, "Roles": { "authenticated": { "Fn::GetAtt": [ "DefaultsIdentityPoolAuthenticatedRole69EA113E", "Arn", ], }, "unauthenticated": { "Fn::GetAtt": [ "DefaultsIdentityPoolUnauthenticatedRole863CFE8C", "Arn", ], }, }, }, "Type": "AWS::Cognito::IdentityPoolRoleAttachment", }, "DefaultsIdentityPoolUnauthenticatedRole863CFE8C": { "DependsOn": [ "DefaultsUserPool8771AC2E", "DefaultsUserPoolsmsRoleE0CA6B10", "DefaultsUserPoolWebClient89951652", ], "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "unauthenticated", }, "StringEquals": { "cognito-identity.amazonaws.com:aud": { "Ref": "DefaultsIdentityPoolBA85B5EA", }, }, }, "Effect": "Allow", "Principal": { "Federated": "cognito-identity.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": { "Fn::Join": [ "", [ "Default Unauthenticated Role for Identity Pool ", { "Fn::GetAtt": [ "DefaultsIdentityPoolBA85B5EA", "Name", ], }, ], ], }, }, "Type": "AWS::IAM::Role", }, "DefaultsUserPool8771AC2E": { "DeletionPolicy": "Retain", "Properties": { "AccountRecoverySetting": { "RecoveryMechanisms": [ { "Name": "verified_email", "Priority": 1, }, ], }, "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": true, }, "AliasAttributes": [ "email", ], "AutoVerifiedAttributes": [ "email", "phone_number", ], "DeletionProtection": "ACTIVE", "EmailVerificationMessage": "The verification code to your new account is {####}", "EmailVerificationSubject": "Verify your new account", "EnabledMfas": [ "SMS_MFA", "SOFTWARE_TOKEN_MFA", ], "MfaConfiguration": "ON", "Policies": { "PasswordPolicy": { "MinimumLength": 8, "RequireLowercase": true, "RequireNumbers": true, "RequireSymbols": true, "RequireUppercase": true, "TemporaryPasswordValidityDays": 3, }, }, "Schema": [ { "Mutable": true, "Name": "phone_number", "Required": false, }, { "Mutable": true, "Name": "email", "Required": true, }, { "Mutable": true, "Name": "given_name", "Required": true, }, { "Mutable": true, "Name": "family_name", "Required": true, }, ], "SmsConfiguration": { "ExternalId": "DefaultsUserPool4C3A90C6", "SnsCallerArn": { "Fn::GetAtt": [ "DefaultsUserPoolsmsRoleE0CA6B10", "Arn", ], }, }, "SmsVerificationMessage": "The verification code to your new account is {####}", "UserAttributeUpdateSettings": { "AttributesRequireVerificationBeforeUpdate": [ "email", "phone_number", ], }, "UserPoolAddOns": { "AdvancedSecurityMode": "ENFORCED", }, "UsernameConfiguration": { "CaseSensitive": false, }, "VerificationMessageTemplate": { "DefaultEmailOption": "CONFIRM_WITH_CODE", "EmailMessage": "The verification code to your new account is {####}", "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}", }, }, "Type": "AWS::Cognito::UserPool", "UpdateReplacePolicy": "Retain", }, "DefaultsUserPoolWebClient89951652": { "Properties": { "AllowedOAuthFlows": [ "implicit", "code", ], "AllowedOAuthFlowsUserPoolClient": true, "AllowedOAuthScopes": [ "profile", "phone", "email", "openid", "aws.cognito.signin.user.admin", ], "CallbackURLs": [ "https://example.com", ], "ExplicitAuthFlows": [ "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH", ], "SupportedIdentityProviders": [ "COGNITO", ], "UserPoolId": { "Ref": "DefaultsUserPool8771AC2E", }, }, "Type": "AWS::Cognito::UserPoolClient", }, "DefaultsUserPoolsmsRoleE0CA6B10": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "DefaultsUserPool4C3A90C6", }, }, "Effect": "Allow", "Principal": { "Service": "cognito-idp.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": "sns:Publish", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "sns-publish", }, ], }, "Type": "AWS::IAM::Role", }, }, "Rules": { "CheckBootstrapVersion": { "Assertions": [ { "Assert": { "Fn::Not": [ { "Fn::Contains": [ [ "1", "2", "3", "4", "5", ], { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `; exports[`User Identity Unit Tests User provided UserPool 1`] = ` { "Parameters": { "BootstrapVersion": { "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]", "Type": "AWS::SSM::Parameter::Value", }, }, "Resources": { "DefaultsIdentityPoolAuthenticatedRole69EA113E": { "DependsOn": [ "UserPool6BA7E5F2", "UserPoolWebClient4C9370B0", ], "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "authenticated", }, "StringEquals": { "cognito-identity.amazonaws.com:aud": { "Ref": "DefaultsIdentityPoolBA85B5EA", }, }, }, "Effect": "Allow", "Principal": { "Federated": "cognito-identity.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": { "Fn::Join": [ "", [ "Default Authenticated Role for Identity Pool ", { "Fn::GetAtt": [ "DefaultsIdentityPoolBA85B5EA", "Name", ], }, ], ], }, }, "Type": "AWS::IAM::Role", }, "DefaultsIdentityPoolBA85B5EA": { "DependsOn": [ "UserPool6BA7E5F2", "UserPoolWebClient4C9370B0", ], "Properties": { "AllowUnauthenticatedIdentities": false, "CognitoIdentityProviders": [ { "ClientId": { "Ref": "UserPoolWebClient4C9370B0", }, "ProviderName": { "Fn::Join": [ "", [ "cognito-idp.", { "Ref": "AWS::Region", }, ".", { "Ref": "AWS::URLSuffix", }, "/", { "Ref": "UserPool6BA7E5F2", }, ], ], }, "ServerSideTokenCheck": true, }, ], }, "Type": "AWS::Cognito::IdentityPool", }, "DefaultsIdentityPoolDefaultRoleAttachment961DF578": { "DependsOn": [ "UserPool6BA7E5F2", "UserPoolWebClient4C9370B0", ], "Properties": { "IdentityPoolId": { "Ref": "DefaultsIdentityPoolBA85B5EA", }, "Roles": { "authenticated": { "Fn::GetAtt": [ "DefaultsIdentityPoolAuthenticatedRole69EA113E", "Arn", ], }, "unauthenticated": { "Fn::GetAtt": [ "DefaultsIdentityPoolUnauthenticatedRole863CFE8C", "Arn", ], }, }, }, "Type": "AWS::Cognito::IdentityPoolRoleAttachment", }, "DefaultsIdentityPoolUnauthenticatedRole863CFE8C": { "DependsOn": [ "UserPool6BA7E5F2", "UserPoolWebClient4C9370B0", ], "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "unauthenticated", }, "StringEquals": { "cognito-identity.amazonaws.com:aud": { "Ref": "DefaultsIdentityPoolBA85B5EA", }, }, }, "Effect": "Allow", "Principal": { "Federated": "cognito-identity.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Description": { "Fn::Join": [ "", [ "Default Unauthenticated Role for Identity Pool ", { "Fn::GetAtt": [ "DefaultsIdentityPoolBA85B5EA", "Name", ], }, ], ], }, }, "Type": "AWS::IAM::Role", }, "UserPool6BA7E5F2": { "DeletionPolicy": "Retain", "Properties": { "AccountRecoverySetting": { "RecoveryMechanisms": [ { "Name": "verified_phone_number", "Priority": 1, }, { "Name": "verified_email", "Priority": 2, }, ], }, "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": true, }, "EmailVerificationMessage": "The verification code to your new account is {####}", "EmailVerificationSubject": "Verify your new account", "SmsVerificationMessage": "The verification code to your new account is {####}", "VerificationMessageTemplate": { "DefaultEmailOption": "CONFIRM_WITH_CODE", "EmailMessage": "The verification code to your new account is {####}", "EmailSubject": "Verify your new account", "SmsMessage": "The verification code to your new account is {####}", }, }, "Type": "AWS::Cognito::UserPool", "UpdateReplacePolicy": "Retain", }, "UserPoolWebClient4C9370B0": { "Properties": { "AllowedOAuthFlows": [ "implicit", "code", ], "AllowedOAuthFlowsUserPoolClient": true, "AllowedOAuthScopes": [ "profile", "phone", "email", "openid", "aws.cognito.signin.user.admin", ], "CallbackURLs": [ "https://example.com", ], "ExplicitAuthFlows": [ "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH", ], "SupportedIdentityProviders": [ "COGNITO", ], "UserPoolId": { "Ref": "UserPool6BA7E5F2", }, }, "Type": "AWS::Cognito::UserPoolClient", }, }, "Rules": { "CheckBootstrapVersion": { "Assertions": [ { "Assert": { "Fn::Not": [ { "Fn::Contains": [ [ "1", "2", "3", "4", "5", ], { "Ref": "BootstrapVersion", }, ], }, ], }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.", }, ], }, }, } `;